[asterisk-bugs] [JIRA] (ASTERISK-25851) Bug in chan_sip - Forbidden 403
Alexey A. Astashov (JIRA)
noreply at issues.asterisk.org
Wed Mar 16 18:28:56 CDT 2016
[ https://issues.asterisk.org/jira/browse/ASTERISK-25851?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alexey A. Astashov updated ASTERISK-25851:
------------------------------------------
Description:
I found a problem with call processing using SIP protocol.
For example:
I'm trying to make a call from a station at an Asterisk (PBX-1, assigned numbers: 11ХХ) directly to a station at another Asterisk (PBX-2, assigned numbers: 10ХХ-11ХХ). The original CID is passed during the call. It may happen so that PBX-2 determines the incoming CID as existing in its own configuration. in this case PBX-2 returns "Forbidden 403" as if an authentication error occured.
For example, I'm trying to make a call from number 1107 on PBX-1 (this number exists in the configuration of both PBXs), to number 1000 (PBX-2)
{code}
Using INVITE request as basis request - 195851bb4abc4fdc17ba8da524330781 at 172.16.15.196:5060
Found peer '1107' for '1107' from 172.16.15.196:5060
[Mar 17 01:02:55] WARNING[901][C-00000049]: chan_sip.c:16702 check_auth: username mismatch, have <1107>, digest has <s>
[Mar 17 01:02:55] NOTICE[901][C-00000049]: chan_sip.c:25603 handle_request_invite: Failed to authenticate device "Astashov A." <sip:1107 at 172.16.15.196>;tag=as5ce36944
{code}
Both PBXs are configured according to the documentation.
However, if I remove the station number (1107) from the PBX-2 configuration, the error does not occur, the call proceeds normally.
The error is occurring with Asterisk version 13, it does not occur on Asterisk version 11 when using the same configuration.
Also, the error does not occur when using the IAX2 protocol even on version 13.
So, the problem is only with Asterisk 13 when using SIP.
This issue is preventing me from using FMC (Fixed Mobile Convergence) provided by our mobile carrier.
My configuration is as follows:
h2.PBX-1
h3.sip.conf
{code}#cat sip.conf (PBX-1)
[general]
context=public
udpbindaddr=0.0.0.0
allowoverlap=no
bindaddr=0.0.0.0
bindport=5060
register => Astashov-EDU-15-196:MyEDU-8.117!@172.16.15.196/Astashov-EDU-15-196
[1100]
type=friend
context=phones
host=dynamic
secret=MyEDU!!
dial=SIP/1100
[1107]
type=friend
context=phones
host=dynamic
secret=MyEDU!!
dial=SIP/1107
[Astashov-EDU-8-117]
type=friend
secret=MyEDU-8.117!
contex=8-117-incoming
host=dynamic
disallow=all
allow=alaw
insecure=invite
{code}
h3.extension.conf
{code}
#cat extension.conf (PBX-1)
[globals]
[general]
autofallthrough=yes
[outgoing_calls]
exten => _10XX,1,NoOp()
exten => _10XX,n,Dial(SIP/172.16.8.117/${EXTEN})
[internal]
exten => 1107,1,Verbose(1|Extension 1107)
exten => 1107,n,Dial(SIP/1107,30)
exten => 1107,n, Hangup()
[public]
exten => _11XX,1,NoOp()
exten => _11XX,n,Dial(SIP/${EXTEN},30)
exten => _11XX,n,Hangup()
[phones]
include => internal
include => outgoing_calls
[8-117-incoming]
include => internal
{code}
h2.PBX-2
h3.sip.conf
{code}
#cat sip.conf (PBX-2)
[general]
context=public
udpbindaddr=0.0.0.0
allowoverlap=no
bindaddr=0.0.0.0
bindport=5060
register => Astashov-EDU-8-117:MyEDU-8.117!@172.16.15.196/Astashov-EDU-8-117
[1000]
type=friend
context=phones
host=dynamic
secret=MyEDU!!
dial=SIP/1000
[1107]
type=friend
context=phones
host=dynamic
secret=MyEDU!!
dial=SIP/1107
[Astashov-EDU-15-196]
type=friend
secret=MyEDU-8.117!
contex=15-196-incoming
host=dynamic
disallow=all
allow=alaw
insecure=invite
{code}
h3.extension.conf
{code}
#cat extension.conf (PBX-2)
[globals]
[general]
autofallthrough=yes
[outgoing_calls]
exten => _11XX,1,NoOp()
exten => _11XX,n,Dial(SIP/172.16.15.196/${EXTEN})
[internal]
exten => 1000,1,Verbose(1|Extension 1000)
exten => 1000,n,Dial(SIP/1000,30)
exten => 1000,n, Hangup()
[public]
exten => _10XX,1,NoOp()
exten => _10XX,n,Dial(SIP/${EXTEN},30)
exten => _10XX,n,Hangup()
[phones]
include => internal
include => outgoing_calls
[15-196-incoming]
include => internal
{code}
was:
I found a problem with call processing using SIP protocol.
For example:
I'm trying to make a call from a station at an Asterisk (PBX-1, assigned numbers: 11ХХ) directly to a station at another Asterisk (PBX-2, assigned numbers: 10ХХ-11ХХ). The original CID is passed during the call. It may happen so that PBX-2 determines the incoming CID as existing in its own configuration. in this case PBX-2 returns "Forbidden 403" as if an authentication error occured.
For example, I'm trying to make a call from number 1107 on PBX-1 (this number exists in the configuration of both PBXs), to number 1000 (PBX-2)
{code}
Using INVITE request as basis request - 195851bb4abc4fdc17ba8da524330781 at 172.16.15.196:5060
Found peer '1107' for '1107' from 172.16.15.196:5060
[Mar 17 01:02:55] WARNING[901][C-00000049]: chan_sip.c:16702 check_auth: username mismatch, have <1107>, digest has <s>
[Mar 17 01:02:55] NOTICE[901][C-00000049]: chan_sip.c:25603 handle_request_invite: Failed to authenticate device "Astashov A." <sip:1107 at 172.16.15.196>;tag=as5ce36944
{code}
Both PBXs are configured according to the documentation.
However, if I remove the station number (1107) from the PBX-2 configuration, the error does not occur, the call proceeds normally.
The error is occurring with Asterisk version 13, it does not occur on Asterisk version 11 when using the same configuration.
Also, the error does not occur when using the IAX2 protocol even on version 13.
So, the problem is only with Asterisk 13 when using SIP.
This issue is preventing me from using FMC (Fixed Mobile Convergence) provided by our mobile carrier.
My configuration is as follows:
h2. Bigger heading PBX-1
{code}#cat sip.conf (PBX-1)
[general]
context=public
udpbindaddr=0.0.0.0
allowoverlap=no
bindaddr=0.0.0.0
bindport=5060
register => Astashov-EDU-15-196:MyEDU-8.117!@172.16.15.196/Astashov-EDU-15-196
[1100]
type=friend
context=phones
host=dynamic
secret=MyEDU!!
dial=SIP/1100
[1107]
type=friend
context=phones
host=dynamic
secret=MyEDU!!
dial=SIP/1107
[Astashov-EDU-8-117]
type=friend
secret=MyEDU-8.117!
contex=8-117-incoming
host=dynamic
disallow=all
allow=alaw
insecure=invite
{code}
{code}
#cat extension.conf (PBX-1)
[globals]
[general]
autofallthrough=yes
[outgoing_calls]
exten => _10XX,1,NoOp()
exten => _10XX,n,Dial(SIP/172.16.8.117/${EXTEN})
[internal]
exten => 1107,1,Verbose(1|Extension 1107)
exten => 1107,n,Dial(SIP/1107,30)
exten => 1107,n, Hangup()
[public]
exten => _11XX,1,NoOp()
exten => _11XX,n,Dial(SIP/${EXTEN},30)
exten => _11XX,n,Hangup()
[phones]
include => internal
include => outgoing_calls
[8-117-incoming]
include => internal
{code}
{code}
#cat sip.conf (PBX-2)
[general]
context=public
udpbindaddr=0.0.0.0
allowoverlap=no
bindaddr=0.0.0.0
bindport=5060
register => Astashov-EDU-8-117:MyEDU-8.117!@172.16.15.196/Astashov-EDU-8-117
[1000]
type=friend
context=phones
host=dynamic
secret=MyEDU!!
dial=SIP/1000
[1107]
type=friend
context=phones
host=dynamic
secret=MyEDU!!
dial=SIP/1107
[Astashov-EDU-15-196]
type=friend
secret=MyEDU-8.117!
contex=15-196-incoming
host=dynamic
disallow=all
allow=alaw
insecure=invite
{code}
{code}
#cat extension.conf (PBX-2)
[globals]
[general]
autofallthrough=yes
[outgoing_calls]
exten => _11XX,1,NoOp()
exten => _11XX,n,Dial(SIP/172.16.15.196/${EXTEN})
[internal]
exten => 1000,1,Verbose(1|Extension 1000)
exten => 1000,n,Dial(SIP/1000,30)
exten => 1000,n, Hangup()
[public]
exten => _10XX,1,NoOp()
exten => _10XX,n,Dial(SIP/${EXTEN},30)
exten => _10XX,n,Hangup()
[phones]
include => internal
include => outgoing_calls
[15-196-incoming]
include => internal
{code}
> Bug in chan_sip - Forbidden 403
> -------------------------------
>
> Key: ASTERISK-25851
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-25851
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/General
> Affects Versions: 13.7.2
> Reporter: Alexey A. Astashov
>
> I found a problem with call processing using SIP protocol.
> For example:
> I'm trying to make a call from a station at an Asterisk (PBX-1, assigned numbers: 11ХХ) directly to a station at another Asterisk (PBX-2, assigned numbers: 10ХХ-11ХХ). The original CID is passed during the call. It may happen so that PBX-2 determines the incoming CID as existing in its own configuration. in this case PBX-2 returns "Forbidden 403" as if an authentication error occured.
> For example, I'm trying to make a call from number 1107 on PBX-1 (this number exists in the configuration of both PBXs), to number 1000 (PBX-2)
> {code}
> Using INVITE request as basis request - 195851bb4abc4fdc17ba8da524330781 at 172.16.15.196:5060
> Found peer '1107' for '1107' from 172.16.15.196:5060
> [Mar 17 01:02:55] WARNING[901][C-00000049]: chan_sip.c:16702 check_auth: username mismatch, have <1107>, digest has <s>
> [Mar 17 01:02:55] NOTICE[901][C-00000049]: chan_sip.c:25603 handle_request_invite: Failed to authenticate device "Astashov A." <sip:1107 at 172.16.15.196>;tag=as5ce36944
> {code}
> Both PBXs are configured according to the documentation.
> However, if I remove the station number (1107) from the PBX-2 configuration, the error does not occur, the call proceeds normally.
> The error is occurring with Asterisk version 13, it does not occur on Asterisk version 11 when using the same configuration.
> Also, the error does not occur when using the IAX2 protocol even on version 13.
> So, the problem is only with Asterisk 13 when using SIP.
> This issue is preventing me from using FMC (Fixed Mobile Convergence) provided by our mobile carrier.
> My configuration is as follows:
> h2.PBX-1
> h3.sip.conf
> {code}#cat sip.conf (PBX-1)
> [general]
> context=public
> udpbindaddr=0.0.0.0
> allowoverlap=no
> bindaddr=0.0.0.0
> bindport=5060
> register => Astashov-EDU-15-196:MyEDU-8.117!@172.16.15.196/Astashov-EDU-15-196
> [1100]
> type=friend
> context=phones
> host=dynamic
> secret=MyEDU!!
> dial=SIP/1100
> [1107]
> type=friend
> context=phones
> host=dynamic
> secret=MyEDU!!
> dial=SIP/1107
> [Astashov-EDU-8-117]
> type=friend
> secret=MyEDU-8.117!
> contex=8-117-incoming
> host=dynamic
> disallow=all
> allow=alaw
> insecure=invite
> {code}
> h3.extension.conf
> {code}
> #cat extension.conf (PBX-1)
> [globals]
> [general]
> autofallthrough=yes
> [outgoing_calls]
> exten => _10XX,1,NoOp()
> exten => _10XX,n,Dial(SIP/172.16.8.117/${EXTEN})
> [internal]
> exten => 1107,1,Verbose(1|Extension 1107)
> exten => 1107,n,Dial(SIP/1107,30)
> exten => 1107,n, Hangup()
> [public]
> exten => _11XX,1,NoOp()
> exten => _11XX,n,Dial(SIP/${EXTEN},30)
> exten => _11XX,n,Hangup()
> [phones]
> include => internal
> include => outgoing_calls
> [8-117-incoming]
> include => internal
> {code}
> h2.PBX-2
> h3.sip.conf
> {code}
> #cat sip.conf (PBX-2)
> [general]
> context=public
> udpbindaddr=0.0.0.0
> allowoverlap=no
> bindaddr=0.0.0.0
> bindport=5060
> register => Astashov-EDU-8-117:MyEDU-8.117!@172.16.15.196/Astashov-EDU-8-117
> [1000]
> type=friend
> context=phones
> host=dynamic
> secret=MyEDU!!
> dial=SIP/1000
> [1107]
> type=friend
> context=phones
> host=dynamic
> secret=MyEDU!!
> dial=SIP/1107
> [Astashov-EDU-15-196]
> type=friend
> secret=MyEDU-8.117!
> contex=15-196-incoming
> host=dynamic
> disallow=all
> allow=alaw
> insecure=invite
> {code}
> h3.extension.conf
> {code}
> #cat extension.conf (PBX-2)
> [globals]
> [general]
> autofallthrough=yes
> [outgoing_calls]
> exten => _11XX,1,NoOp()
> exten => _11XX,n,Dial(SIP/172.16.15.196/${EXTEN})
> [internal]
> exten => 1000,1,Verbose(1|Extension 1000)
> exten => 1000,n,Dial(SIP/1000,30)
> exten => 1000,n, Hangup()
> [public]
> exten => _10XX,1,NoOp()
> exten => _10XX,n,Dial(SIP/${EXTEN},30)
> exten => _10XX,n,Hangup()
> [phones]
> include => internal
> include => outgoing_calls
> [15-196-incoming]
> include => internal
> {code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list